changeset 1382:cb1346b553aa

Tests: simple https tests merged back.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 09 Oct 2018 18:33:01 +0300
parents 97c8280de681
children e5246e5caa31
files ssl.t ssl2.t
diffstat 2 files changed, 13 insertions(+), 178 deletions(-) [+]
--- a/ssl.t
+++ b/ssl.t
@@ -31,7 +31,7 @@ eval { IO::Socket::SSL::SSL_VERIFY_NONE(
 plan(skip_all => 'IO::Socket::SSL too old') if $@;
 
 my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite proxy/)
-	->has_daemon('openssl')->plan(21);
+	->has_daemon('openssl')->plan(23);
 
 $t->write_file_expand('nginx.conf', <<'EOF');
 
@@ -68,6 +68,9 @@ http {
         location /cipher {
             return 200 "body $ssl_cipher";
         }
+        location /ciphers {
+            return 200 "body $ssl_ciphers";
+        }
         location /client_verify {
             return 200 "body $ssl_client_verify";
         }
@@ -75,10 +78,13 @@ http {
             return 200 "body $ssl_protocol";
         }
         location /issuer {
-            return 200 "body $ssl_client_i_dn";
+            return 200 "body $ssl_client_i_dn:$ssl_client_i_dn_legacy";
         }
         location /subject {
-            return 200 "body $ssl_client_s_dn";
+            return 200 "body $ssl_client_s_dn:$ssl_client_s_dn_legacy";
+        }
+        location /time {
+            return 200 "body $ssl_client_v_start!$ssl_client_v_end!$ssl_client_v_remain";
         }
 
         location /body {
@@ -241,10 +247,12 @@ like(get('/', 8081), qr/^body \.$/m, 'se
 like(get('/id', 8085), qr/^body \w{64}$/m, 'session id');
 unlike(http_get('/id'), qr/body \w/, 'session id no ssl');
 like(get('/cipher', 8085), qr/^body [\w-]+$/m, 'cipher');
+like(get('/ciphers', 8085), qr/^body [:\w-]+$/m, 'ciphers');
 like(get('/client_verify', 8085), qr/^body NONE$/m, 'client verify');
 like(get('/protocol', 8085), qr/^body (TLS|SSL)v(\d|\.)+$/m, 'protocol');
-like(cert('/issuer', 8085), qr!^body CN=issuer$!m, 'issuer');
-like(cert('/subject', 8085), qr!^body CN=subject$!m, 'subject');
+like(cert('/issuer', 8085), qr!^body CN=issuer:/CN=issuer$!m, 'issuer');
+like(cert('/subject', 8085), qr!^body CN=subject:/CN=subject$!m, 'subject');
+like(cert('/time', 8085), qr/^body [:\s\w]+![:\s\w]+![23]$/m, 'time');
 
 # c->read->ready handling bug in ngx_ssl_recv(), triggered with chunked body
 
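Review bot: The new 'time' assertion ends in `![23]$`, which hard-codes the client certificate's remaining lifetime in days as reported by `$ssl_client_v_remain`. In the removed ssl2.t that value came from `default_days = 3` in ca.conf; the certificate setup in ssl.t is outside this hunk, so it should be confirmed that the subject certificate used by `cert()` is signed with the same lifetime. A comment above the assertion would keep the coupling visible, for example `# $ssl_client_v_remain is in days; subject cert is signed with default_days = 3`. The 'issuer' and 'subject' checks now match the RFC 2253 and legacy DN forms in one pattern, so a failure will not say which variable regressed; separate `like()` calls per variable would give clearer diagnostics at the cost of two more planned tests.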
deleted file mode 100644
--- a/ssl2.t
+++ /dev/null
@@ -1,173 +0,0 @@
-#!/usr/bin/perl
-
-# (C) Sergey Kandaurov
-# (C) Andrey Zelenkov
-# (C) Nginx, Inc.
-
-# Tests for http ssl module.
-
-###############################################################################
-
-use warnings;
-use strict;
-
-use Test::More;
-
-BEGIN { use FindBin; chdir($FindBin::Bin); }
-
-use lib 'lib';
-use Test::Nginx;
-
-###############################################################################
-
-select STDERR; $| = 1;
-select STDOUT; $| = 1;
-
-eval { require IO::Socket::SSL; };
-plan(skip_all => 'IO::Socket::SSL not installed') if $@;
-eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
-plan(skip_all => 'IO::Socket::SSL too old') if $@;
-
-my $t = Test::Nginx->new()->has(qw/http http_ssl rewrite/)
-	->has_daemon('openssl');
-
-$t->write_file_expand('nginx.conf', <<'EOF');
-
-%%TEST_GLOBALS%%
-
-daemon off;
-
-events {
-}
-
-http {
-    %%TEST_GLOBALS_HTTP%%
-
-    ssl_certificate_key localhost.key;
-    ssl_certificate localhost.crt;
-    ssl_verify_client optional_no_ca;
-
-    server {
-        listen       127.0.0.1:8080 ssl;
-        server_name  localhost;
-
-        location /ciphers {
-            return 200 "body $ssl_ciphers";
-        }
-        location /issuer {
-            return 200 "body $ssl_client_i_dn_legacy";
-        }
-        location /subject {
-            return 200 "body $ssl_client_s_dn_legacy";
-        }
-        location /time {
-            return 200 "body $ssl_client_v_start!$ssl_client_v_end!$ssl_client_v_remain";
-        }
-    }
-}
-
-EOF
-
-$t->write_file('openssl.conf', <<EOF);
-[ req ]
-default_bits = 1024
-encrypt_key = no
-distinguished_name = req_distinguished_name
-[ req_distinguished_name ]
-EOF
-
-my $d = $t->testdir();
-
-$t->write_file('ca.conf', <<EOF);
-[ ca ]
-default_ca = myca
-
-[ myca ]
-new_certs_dir = $d
-database = $d/certindex
-default_md = sha1
-policy = myca_policy
-serial = $d/certserial
-default_days = 3
-
-[ myca_policy ]
-commonName = supplied
-EOF
-
-$t->write_file('certserial', '1000');
-$t->write_file('certindex', '');
-
-system('openssl req -x509 -new '
-	. "-config $d/openssl.conf -subj /CN=issuer/ "
-	. "-out $d/issuer.crt -keyout $d/issuer.key "
-	. ">>$d/openssl.out 2>&1") == 0
-	or die "Can't create certificate for issuer: $!\n";
-
-system("openssl req -new "
-	. "-config $d/openssl.conf -subj /CN=subject/ "
-	. "-out $d/subject.csr -keyout $d/subject.key "
-	. ">>$d/openssl.out 2>&1") == 0
-	or die "Can't create certificate for subject: $!\n";
-
-system("openssl ca -batch -config $d/ca.conf "
-	. "-keyfile $d/issuer.key -cert $d/issuer.crt "
-	. "-subj /CN=subject/ -in $d/subject.csr -out $d/subject.crt "
-	. ">>$d/openssl.out 2>&1") == 0
-	or die "Can't sign certificate for subject: $!\n";
-
-foreach my $name ('localhost') {
-	system('openssl req -x509 -new '
-		. "-config $d/openssl.conf -subj /CN=$name/ "
-		. "-out $d/$name.crt -keyout $d/$name.key "
-		. ">>$d/openssl.out 2>&1") == 0
-		or die "Can't create certificate for $name: $!\n";
-}
-
-$t->run()->plan(4);
-
-###############################################################################
-
-like(get('/ciphers'), qr/^body [:\w-]+$/m, 'ciphers');
-like(get('/issuer'), qr!^body /CN=issuer$!m, 'issuer');
-like(get('/subject'), qr!^body /CN=subject$!m, 'subject');
-like(get('/time'), qr/^body [:\s\w]+![:\s\w]+![23]$/m, 'time');
-
-###############################################################################
-
-sub get {
-	my ($uri) = @_;
-	my $s = get_ssl_socket() or return;
-	http_get($uri, socket => $s);
-}
-
-sub get_ssl_socket {
-	my (%extra) = @_;
-	my $s;
-
-	eval {
-		local $SIG{ALRM} = sub { die "timeout\n" };
-		local $SIG{PIPE} = sub { die "sigpipe\n" };
-		alarm(2);
-		$s = IO::Socket::SSL->new(
-			Proto => 'tcp',
-			PeerAddr => '127.0.0.1',
-			PeerPort => port(8080),
-			SSL_cert_file => "$d/subject.crt",
-			SSL_key_file => "$d/subject.key",
-			SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
-			SSL_error_trap => sub { die $_[1] },
-			%extra
-		);
-		alarm(0);
-	};
-	alarm(0);
-
-	if ($@) {
-		log_in("died: $@");
-		return undef;
-	}
-
-	return $s;
-}
-
-###############################################################################